A Report By Uswitch, UK-Based Price Comparison Service Company, Confirms That Many Health Apps Have Access To More User Data Than Necessary.

By Oluwanifemi Kolawole

In 2017, I downloaded a period tracking app as recommended by a friend. I would go on to use it for a few months before losing my mobile phone. I forgot to re-install it on my new device, and until recently, I didn’t use any such health app. Thinking back, all I needed was a mobile tool that would help me keep track of my monthly cycle and nothing more. And as long as the app did that, I was satisfied. Interestingly, it offered a lot more than period tracking, like a locked diary and some occasional pop-up ads that enlightened me on girl-related stuff.

From a Techpoint Africa Twitter survey, I confirmed that many people only care about the services health apps offer like me. Chances are they trust the companies that make the products. There was outrage earlier in January following Facebook’s ultimatum for users to either accept WhatsApp’s updated privacy policy — requesting users’ consent to share data with Facebook — or have their accounts deactivated.

With many people moving to other messaging platforms like Signal and Telegram, it is safe to say that concerns about data safety on WhatsApp set off alarm bells. But then, none of these platforms can sufficiently guarantee the safety of users’ data. Every app you install on your smartphone requests that you part with a valuable piece of information about yourself. The only difference is in their terms; some apps “need more personal details to work with” than others.

A report by uswitch, a uk-based price comparison service company, confirms that many health apps have access to more user information than is necessary. For clarity, the term ‘health app’ covers services, including fitness tracking, weight tracking, period tracking, and sleep tracking, among others. Immensely popular, many of these apps come with smart devices like the Mi Band and other smartwatch brands. There are also popular companies like Strava, Flo Health, Fitbit, and big names like Google, Samsung, and Apple, which have dedicated fitness apps.

Using a 24-point grading scale, USwitch’s report noted that many health apps have access to at least 13 data sets. Of the 15 apps considered, MyFitnessPal, a weight tracking app, requests 20 out of 24 most common data sets requested by apps. To put this in perspective, that is 14 data sets more than what WhatsApp requires. On the list with 15 points are Flo — one of Nigeria’s most downloaded period tracking apps — and popular running and cycling app, Strava.

This should concern any user because personal data — most of which ends up being shared with third parties for promotional purposes — is at stake here. Unfortunately, users inadvertently give these companies their consent to do as they please with their data. What do you do when presented with a 20-page privacy policy after downloading a fitness app or period monitor? If you’re patient, you might scroll down a few pages to find ‘personal data we collect from you’, then a statement like ‘your data is safe with us’ before you accept.

However, below that is ‘how we use your personal data’ and ‘third party processing your personal data’ and other sometimes incomprehensible information. Despite many people failing to open privacy policies before accepting them, there is usually an outburst once regulators expose what companies do with their data. The Facebook-Cambridge Analytica scandal is a case in point, and there are others.

In September 2019, period tracking apps — Maya by Plackal Tech, My Period Tracker by Linchpin Health, and three others — were accused of sharing private data with Facebook. Conversely, Period Tracker Flo by Flo Health and other apps were considered safe. Ironically, early in 2021, US federal regulators accused Flo Health of also sharing user information with third parties such as Facebook and Instagram.

In July 2019, a particular trend saw people post pictures of themselves ageing on social media; on Twitter, for instance, it was called the #FaceAppChallenge. People uploaded their photos on FaceApp, a mobile app which generated what they would look like if they were older. Many celebrities jumped on the trend, and before long, the app topped the list of most downloaded free apps on the Google Play Store and App Store.

Before the craze died down, data privacy experts warned that privacy and personal information were at stake. They said that users should be concerned about the permissions they were granting the Russian-based AI app. As questions about privacy kept cropping up, the app came under scrutiny. Although FaceApp only requests permission to access your photos and Facebook account, we cannot determine the latter’s reach. And this is the same concern with playing Facebook games.

Fitness-tracking devices and apps keep different sets of personal user data — from pulse to heart rate to location to workout routine — that can be valuable in the targeted advertising market.

This news was originally published at Tech Point.